Lixom: Protecting Encryption Keys with Execute-Only Memory

Conference contribution, posted on 2025-03-06, 13:14. Authored by Tristan Hornetz, Lukas Gerlach, Michael Schwarz.
The confidentiality of cryptographic secrets is crucial for the security of modern computing systems. However, ensuring this confidentiality is difficult in the presence of privileged attackers or transient-execution vulnerabilities such as Meltdown or Spectre. Trusted Execution Environments (TEEs) offer protection but are not always available and may require significant redesigns. In this paper, we present Lixom, a lightweight and generic technique for providing leakage resistance to cryptographic secrets on x86 processors. Lixom achieves its confidentiality guarantees by storing secrets in code instead of data and preventing accesses to that code with execute-only memory (XOM). In virtual machines, Lixom can protect secrets from a compromised guest kernel, providing security guarantees comparable to TEEs. Additionally, Lixom provides robust protection against Spectre attacks, Meltdown, and Foreshadow, without impacting the throughput of algorithms such as AES. Lixom is broadly applicable as a hardening mechanism and can tangibly improve the security of applications such as disk encryption or digital rights management.
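The core mechanism of the abstract, a key that exists only as immediate operands of instructions on an execute-only page, as an added worked example that is not code from the paper or from the Lixom authors. It assumes Linux on x86-64; the enforcement itself relies on the kernel turning a PROT_EXEC-only mapping into execute-only memory when the CPU has protection keys (PKU). The helper names (emit_key_xor, install_xom_key, xor_block_with_hidden_key, probe_xom_enforced) and the demo key are invented for this illustration, and the key is consumed by a 16-byte XOR instead of AES to keep the hand-assembled code short; the same construction applies to AES round keys.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Illustrative example of the Lixom idea (not the paper's code): a 128-bit
 * key lives only as immediate operands inside x86-64 instructions on an
 * execute-only page, so the CPU can use it but no load can read it back.
 * Assumes Linux on x86-64; enforcement needs a CPU with protection keys
 * (PKU), which the kernel uses for PROT_EXEC-only mappings. */

typedef void (*xor_block_fn)(uint8_t *block);

/* Encode: movabs rax,lo ; xor [rdi],rax ; movabs rax,hi ; xor [rdi+8],rax ; ret
 * Returns the number of bytes written (28). The key bytes are in the
 * instruction stream, never in a data variable of the running program. */
static size_t emit_key_xor(uint8_t *out, uint64_t lo, uint64_t hi) {
    size_t n = 0;
    out[n++] = 0x48; out[n++] = 0xB8; memcpy(out + n, &lo, 8); n += 8;  /* movabs rax, imm64 */
    out[n++] = 0x48; out[n++] = 0x31; out[n++] = 0x07;                  /* xor [rdi], rax    */
    out[n++] = 0x48; out[n++] = 0xB8; memcpy(out + n, &hi, 8); n += 8;  /* movabs rax, imm64 */
    out[n++] = 0x48; out[n++] = 0x31; out[n++] = 0x47; out[n++] = 0x08; /* xor [rdi+8], rax  */
    out[n++] = 0xC3;                                                    /* ret               */
    return n;
}

/* Write the key-bearing code to a fresh page, then drop read and write
 * access so that only execution remains. Returns NULL on failure. */
static xor_block_fn install_xom_key(uint64_t lo, uint64_t hi) {
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    uint8_t *page = mmap(NULL, pg, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return NULL;
    emit_key_xor(page, lo, hi);
    if (mprotect(page, pg, PROT_EXEC) != 0) { munmap(page, pg); return NULL; }
    return (xor_block_fn)(uintptr_t)page;
}

/* XOR a 16-byte block with the hidden key in place. Returns 0 on success,
 * -1 if the code page could not be set up. Applying it twice restores the block. */
int xor_block_with_hidden_key(uint64_t lo, uint64_t hi, uint8_t block[16]) {
    xor_block_fn f = install_xom_key(lo, hi);
    if (!f) return -1;
    f(block);
    munmap((void *)(uintptr_t)f, (size_t)sysconf(_SC_PAGESIZE));
    return 0;
}

/* Practitioner check: does this CPU/kernel really enforce execute-only?
 * A child process tries to read the first code byte. Returns 1 if the read
 * faulted (XOM enforced), 0 if the page was readable (no PKU: the key is
 * exposed to any data access), -1 on error. */
int probe_xom_enforced(uint64_t lo, uint64_t hi) {
    xor_block_fn f = install_xom_key(lo, hi);
    if (!f) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        volatile const uint8_t *p = (volatile const uint8_t *)(uintptr_t)f;
        _exit(*p == 0x48 ? 0 : 2);  /* 0x48 is the REX.W prefix of the first movabs */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    munmap((void *)(uintptr_t)f, (size_t)sysconf(_SC_PAGESIZE));
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV) return 1;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0) return 0;
    return -1;
}

int main(void) {
    /* Constructed demo key; a real deployment would embed it at build time. */
    uint64_t lo = 0x0123456789ABCDEFULL, hi = 0xFEDCBA9876543210ULL;
    uint8_t block[16] = {0};
    if (xor_block_with_hidden_key(lo, hi, block) != 0) return 1;
    for (int i = 0; i < 16; i++) printf("%02x", block[i]);
    printf("\nexecute-only enforced: %d\n", probe_xom_enforced(lo, hi));
    return 0;
}
```

Two caveats worth keeping in mind. Without PKU the mprotect call still succeeds, but the page stays readable and probe_xom_enforced reports 0, so a deployment should check before relying on the guarantee. And in this user-space form the kernel can still remap the page readable; the abstract's guarantee against a compromised guest kernel requires enforcement below the guest, which this example does not implement.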

History

Name of Conference: Financial Cryptography and Data Security (FC)

CISPA Affiliation: Yes

BibTeX

@conference{Hornetz:Gerlach:Schwarz:2025,
  title     = "Lixom: Protecting Encryption Keys with Execute-Only Memory",
  author    = "Hornetz, Tristan and Gerlach, Lukas and Schwarz, Michael",
  booktitle = "Financial Cryptography and Data Security (FC)",
  year      = 2025,
  month     = apr
}
